Search Results (364234 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2172 1 Linkworth 1 Linkworth 2024-11-21 4.3 Medium
The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack.
CVE-2022-2171 1 Crowdfavorite 1 Progressive License 2024-11-21 5.4 Medium
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.
CVE-2022-2170 1 Microsoft 1 Microsoft Advertising Universal Event Tracking 2024-11-21 4.8 Medium
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
CVE-2022-2169 1 Dwbooster 1 Loading Page With Loading Screen 2024-11-21 4.8 Medium
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2165 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2022-2164 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.3 Medium
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
CVE-2022-2163 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-11-21 8.8 High
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
CVE-2022-2162 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2024-11-21 8.8 High
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
CVE-2022-2161 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2158 2 Fedoraproject, Google 3 Extra Packages For Enterprise Linux, Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2157 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2156 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2153 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVE-2022-2152 1 Duplicate Page And Post Project 1 Duplicate Page And Post 2024-11-21 4.8 Medium
The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2151 1 Emarketdesign 1 Best Contact Management Software 2024-11-21 4.8 Medium
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2149 1 Very Simple Breadcrumb Project 1 Very Simple Breadcrumb 2024-11-21 4.8 Medium
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2148 1 Linkedin Company Updates Project 1 Linkedin Company Updates 2024-11-21 4.8 Medium
The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2147 1 Cloudflare 1 Warp 2024-11-21 6.5 Medium
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
CVE-2022-2146 1 Import Csv Files Project 1 Import Csv Files 2024-11-21 6.1 Medium
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting
CVE-2022-2145 1 Cloudflare 1 Warp 2024-11-21 5.8 Medium
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.